When sizing clusters for devices in our Identity Services Engine (ISE) deployment, Cisco IT uses a “3+1” formula: For every person we assume three devices (laptop, smartphone, and a tablet) plus one device in the background (security camera, printer, network access device, etc.). In a company the size of Cisco, with roughly 80,000 employees, the math is simple:
Cisco IT is deploying Identity Services Engine (ISE) globally. ISE is a security policy management and control platform that automates and simplifies access control and security compliance for wired, wireless, and VPN connectivity. We’re running ISE 1.2 Patch 3 globally and evaluating Patch 5 for its guest networking enhancements. Over the next few months, I’d like to share some of our best practices and lessons learned as we continue our ISE deployment. Much of the background and deployment work before my blog can be found in this published article.
Life is generally a lot easier when you have all the facts. Especially if those facts are actually accurate. Nowhere does this ring more true than in the life of an IT professional.
Oftentimes a day in an IT shop is a lot like that grade school game of telephone where information gets passed down the line but gets distorted (or is just plain wrong) because no single player has the complete context. This scenario gets played out every day in the IT infrastructure where siloed operations, monitoring and policy platforms only work from the information they possess. But that information is generally just a snapshot viewed through the bias of that system’s siloed purview. As a result, mistakes get made, security is substandard or perhaps even dysfunctional, and everything from configuration to event management and investigation takes far longer than it should. Net-net – time is wasted, costs increase, and many things still don’t work that well.
Employees, and many businesses, want to allow personal devices to be used at work, and potentially for work. However, balancing that with corporate policies for information security, clear rights-of-use, liability, and then bounding it within an acceptable IT cost structure is no small feat. Cisco joined forces with leading MDM vendors to link together a solution that starts at day zero – when an employee first buys a new device and tries to use it at work. It includes self-service onboarding to the network, offering a choice of using a device as a guest or work asset, and forced enrollment in (and compliance with) MDM when business policy must be enforced.
Citrix recently acquired Zenprise to add top-tier MDM to their mobile workspace and application management solution. The good news is Zenprise is an early MDM partner with Cisco, and Citrix inherits the integration work. The tight linkage of Cisco’s Unified Access Solution, and the Cisco Identity Services Engine, to what is now Citrix XenMobile MDM, is a powerful combination for customers to deploy since it brings quite a bit more to the table than standalone MDM.
In this blog, let us take a look at how Catalyst access switches profile the various connected devices and make the information available to various network services.
Many devices like laptops, IP phones, cameras etc. are connected to the network and need to be managed by IT for asset management, device onboarding, switch configuration, policy management & device energy management. Traditionally, IT administrators manually added each device for each service. This consumes unnecessary overhead and is an inefficient use of IT’s time.